Preparation
Temporarily disable swap. To disable it permanently, search Baidu for instructions.
$ sudo swapoff -a
I. Install containerd
1. Install the required dependencies
$ sudo apt-get update
$ sudo apt-get install -y ca-certificates curl gnupg lsb-release
2. Add the GPG key
$ sudo mkdir -p /etc/apt/keyrings
$ curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
3. Set up the apt repository
$ echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
4. Install containerd
$ sudo apt-get update
$ sudo apt-get install -y containerd.io
# Pin the containerd.io version
$ sudo apt-mark hold containerd.io
5. Enable CRI and systemd
$ containerd config default | sudo tee /etc/containerd/config.toml
Find the following configuration items and modify them.
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
Restart containerd and enable it to start at boot.
$ sudo systemctl restart containerd.service
$ sudo systemctl enable containerd.service
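To confirm that the two edits from step 5 landed in the right TOML tables, a table-aware check is more reliable than a plain grep. This is an added example, not part of the original article; the function names toml_get, check_containerd_config and write_bad_sample and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: verify the step-5 edits to config.toml.
CRI='plugins."io.containerd.grpc.v1.cri"'

# toml_get FILE TABLE KEY: print KEY's value, but only if it sits inside [TABLE].
toml_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*\[/ {                        # table header: track the current table
            hdr = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", hdr)
            in_table = (hdr == want); next
        }
        in_table {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*=/) next     # e.g. a longer key sharing the prefix
            sub(/^[ \t]*=[ \t]*/, "", rest); sub(/[ \t\r]+$/, "", rest)
            gsub(/^"|"$/, "", rest); print rest; exit
        }' "$1"
}

# check_containerd_config FILE PAUSE_IMAGE: return 0 only if both edits are in place.
check_containerd_config() {
    rc=0
    cgroup=$(toml_get "$1" "$CRI.containerd.runtimes.runc.options" SystemdCgroup)
    image=$(toml_get "$1" "$CRI" sandbox_image)
    [ "$cgroup" = "true" ] || { echo "FAIL: SystemdCgroup=${cgroup:-unset} in runc.options"; rc=1; }
    [ "$image" = "$2" ] || { echo "FAIL: sandbox_image=${image:-unset}"; rc=1; }
    return "$rc"
}

# Constructed sample: the flag was set in the wrong table, so a plain grep would pass.
write_bad_sample() {
    cat > "$1" <<'EOF'
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.k8s.io/pause:3.6"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
    SystemdCgroup = true
    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
      SystemdCgroup = false
EOF
}

PAUSE=registry.aliyuncs.com/google_containers/pause:3.7
tmp=$(mktemp); write_bad_sample "$tmp"
check_containerd_config "$tmp" "$PAUSE" || echo "sample config rejected, as intended"
rm -f "$tmp"
# On a real node: check_containerd_config /etc/containerd/config.toml "$PAUSE"
```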
II. Install kubeadm
1. Let iptables see bridged traffic
$ cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
$ sudo modprobe overlay
$ sudo modprobe br_netfilter
$ cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
$ sudo sysctl --system
2. Install the required dependencies
$ sudo apt-get update
$ sudo apt-get install -y apt-transport-https ca-certificates curl
3. Add the GPG key
$ sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg
4. Set up the apt repository
$ echo \
"deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.aliyun.com/kubernetes/apt/ \
kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
5. Install kubelet, kubeadm and kubectl, and pin their versions
$ sudo apt-get update
$ sudo apt-get install -y kubelet kubeadm kubectl
# Pin the kubelet, kubeadm and kubectl versions
$ sudo apt-mark hold kubelet kubeadm kubectl
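III. Install Kubernetes
1. Initialize the control-plane node
# --control-plane-endpoint: the control-plane endpoint; worker nodes reach the control plane through this host/IP
# --pod-network-cidr: the CIDR (Classless Inter-Domain Routing) IP range for the pod network
# --cri-socket: the container runtime socket
# --image-repository: the registry to pull images from (the Alibaba Cloud mirror here)
$ sudo kubeadm init \
--control-plane-endpoint=<control-plane-host-or-ip> \
--pod-network-cidr=10.244.0.0/16 \
--cri-socket=unix:/run/containerd/containerd.sock \
--image-repository=registry.aliyuncs.com/google_containers
On success, you will see output like the following: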
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
kubeadm join <control-plane-host>:<control-plane-port> --token <token> \
--discovery-token-ca-cert-hash sha256:<hash> \
--control-plane
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join <control-plane-host>:<control-plane-port> --token <token> \
--discovery-token-ca-cert-hash sha256:<hash>
2. Set up the kubectl configuration file
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
3. Create the worker nodes
The worker nodes also need kubelet, kubeadm and kubectl installed.
Just repeat the installation steps above.
4. Join the worker nodes to the control-plane node
$ sudo kubeadm join <control-plane-host>:<control-plane-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash> --cri-socket=unix:/run/containerd/containerd.sock
On success, you will see output like the following:
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
IV. Install a Pod network add-on
The cluster is now up, but we find that coredns is stuck in the Pending state.
Remember the --pod-network-cidr=10.244.0.0/16 argument we passed when initializing the control plane?
It was for this step. Let's get started.
1. Install flannel
Download the latest stable release of flannel.
After the download completes, make sure the flanneld binary is in the /opt/bin directory on every server.
2. Start flannel
$ kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml